On Sat, Mar 31, 2007, Suresh Ramasubramanian wrote:
On 31 Mar 2007 06:09:30 +0000, Paul Vixie <vixie@vix.com> wrote:
are we really going to stop malware by blackholing its domain names? if so then i've got some phone calls to make.
That does seem to be the single point of failure for these malwares, and for various other things besides [phish domains hosted on botnets, and registered on ccTLDs where bureaucracy comes in the way of quick takedowns]
.. just wait until they start living on in P2P trackerless type setups and not bothering with temporary domains - just use whatever resolves to the end-client. You'll wish it were as easy to track as "accessing these websites or servers."

(That, and the IPv6 space doesn't seem to be a saving grace either - it'll be easy to identify potential hosts to infect by infecting someone participating in P2P and moving across to other machines as you see P2P application connections to/from them.)

Scary stuff.

Adrian